//package org.yang.plugins.resource.config;
//
//import cn.hutool.core.collection.CollectionUtil;
//import cn.hutool.json.JSONUtil;
//import com.nimbusds.jose.jwk.JWKSet;
//import com.nimbusds.jose.jwk.RSAKey;
//import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
//import com.nimbusds.jose.jwk.source.JWKSource;
//import com.nimbusds.jose.proc.SecurityContext;
//import lombok.RequiredArgsConstructor;
//import lombok.Setter;
//import lombok.extern.slf4j.Slf4j;
//import org.apache.logging.log4j.util.Strings;
//import org.springframework.boot.context.properties.ConfigurationProperties;
//import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.convert.converter.Converter;
//import org.springframework.core.io.ClassPathResource;
//import org.springframework.core.io.Resource;
//import org.springframework.security.authentication.AbstractAuthenticationToken;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
//import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
//import org.springframework.security.oauth2.jwt.Jwt;
//import org.springframework.security.oauth2.jwt.JwtDecoder;
//import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
//import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
//import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
//import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
//import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
//import org.springframework.security.web.AuthenticationEntryPoint;
//import org.springframework.security.web.SecurityFilterChain;
//import org.springframework.security.web.access.AccessDeniedHandler;
//import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
//import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
//import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
//
//
//import java.io.BufferedReader;
//import java.io.IOException;
//import java.io.InputStreamReader;
//import java.security.KeyPair;
//import java.security.interfaces.RSAPrivateKey;
//import java.security.interfaces.RSAPublicKey;
//import java.util.List;
//import java.util.UUID;
//import java.util.stream.Collectors;
//
///**
// * 客户端配置
// *
// * @author haoxr
// * @since 2022/8/28
// */
//@ConfigurationProperties(prefix = "security")
//@Configuration
//@EnableWebSecurity
//@RequiredArgsConstructor
//@Slf4j
//public class ResourceServerConfig {
//
//    private final AccessDeniedHandler accessDeniedHandler;
//    private final AuthenticationEntryPoint authenticationEntryPoint;
//
//
//    /**
//     * 白名单路径列表
//     */
//    @Setter
//    private List<String> whitelistPaths;
//
//
//    @Bean
//    public SecurityFilterChain securityFilterChain(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
//
//        MvcRequestMatcher.Builder mvcMatcherBuilder = new MvcRequestMatcher.Builder(introspector);
//
//        log.info("白名单列表:{}", JSONUtil.toJsonStr(whitelistPaths));
//        http.authorizeHttpRequests((requests) ->
//                        {
//                            if (CollectionUtil.isNotEmpty(whitelistPaths)) {
//                                for (String whitelistPath : whitelistPaths) {
//                                    requests.requestMatchers(mvcMatcherBuilder.pattern(whitelistPath)).permitAll();
//                                }
//                            }
//                            requests.anyRequest().authenticated();
//                        }
//                )
//                .csrf(AbstractHttpConfigurer::disable)
//        ;
//        http.oauth2ResourceServer(resourceServerConfigurer ->
//                resourceServerConfigurer
//                        .jwt(jwtConfigurer -> jwtAuthenticationConverter())
//                        .authenticationEntryPoint(authenticationEntryPoint)
//                        .accessDeniedHandler(accessDeniedHandler)
//        );
//        return http.build();
//    }
//
//
//    @Bean
//    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
//        return new MvcRequestMatcher.Builder(introspector);
//    }
//
//    /**
//     * 自定义JWT Converter
//     *
//     * @return Converter
//     * @see JwtAuthenticationProvider#setJwtAuthenticationConverter(Converter)
//     */
//    @Bean
//    public Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter() {
//        JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
//        jwtGrantedAuthoritiesConverter.setAuthorityPrefix(Strings.EMPTY);
//        jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("authorities");
//
//        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
//        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
//        return jwtAuthenticationConverter;
//    }
//
//
//
//
//
//
//
//    @Bean
//    public JwtDecoder jwtDecoder() {
//        KeyPair keyPair = keyPair();
//        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
//        return NimbusJwtDecoder.withPublicKey(publicKey).build();
//    }
//
//    @Bean
//    public KeyProperties keyProperties(){
//        return new KeyProperties();
//    }
//    /**
//     * 密钥库中获取密钥对(公钥+私钥)
//     */
//    @Bean
//    public KeyPair keyPair() {
//        KeyProperties.KeyStore keyStore = keyProperties().getKeyStore();
//        // 导入证书
//        KeyStoreKeyFactory factory = new KeyStoreKeyFactory(keyStore.getLocation(),
//                keyStore.getSecret().toCharArray());
//        try {
//            return factory.getKeyPair(keyStore.getAlias(), keyStore.getPassword().toCharArray());
//        }catch (RuntimeException  e){
//            e.printStackTrace();
//            return null;
//        }
//    }
//
//}
